Feeds:
Posts
Comments

Posts Tagged ‘Click Fraud’

Majority of Web Users Want More Fraud Protection from Retailers

Posted in Online Shopping, Click Fraud, General News / Technology, Mobile Commerce, tagged , , , , on April 28, 2011 | 1 Comment »

There was a time when online crime and click fraud seemed to exist outside the consciousness of most online shoppers. Those days appear to be long gone.

A new survey released by privacy research firm the Ponemon Institute and fraud prevention services provider ThreatMetrix says as much, with a whopping 85 percent of respondents indicating that they worry about becoming a fraud victim as a result of their online usage.

By comparison, 80 percent of those polled expressed similar concerns the last time the two entities ran a similar study.

Ponemon and ThreatMetrix polled 607 regular internet users for the latest survey, and included a wide range of  activities under its definition of “online fraud”, including credit card scams, identity theft, phishing, and spam as well as attacks that target personal information and account details under false pretenses.

“A lot of fraudulent activity goes unreported today, making it difficult for online businesses to fully understand the prominence and seriousness of the problem,” says Reed Taussig, ThreatMetrix CEO.  “With a rise in online transactions and activities across devices, more needs to be done to educate online merchants, banks, social outlets and other businesses on how to decrease fraudulent activity.”

With that increased awareness of the threat of online fraud comes a desire on the part of most web users to see more protections from e-tailers, even if that means giving up some of the privacy they enjoy while shopping online: almost three-quarters of those polled in the survey said they’d be okay with trusted online businesses placing cookies on their computers in order to authenticate them; 82 percent said they expect businesses to offer alternative authentication measures if cookies proved ineffective.

“Consumers expressed much more willingness to share data like Internet Service Providers, computer serial number, type and make, rather than information like date of birth and telephone number,” says Larry Ponemon, chairman of the Ponemon Institute.

The pool of respondents used in the survey was certainly a good one to speak on the issue of online fraud in general: 42 percent of those questioned said they have already been the victim of fraud before.

Unfortunately, their responses also make clear that most fraud victims don’t do much in response to being duped.  Only 19 percent of those who had suffered from fraudulent activities actually notified the involved online business directly of it, while the rest didn’t report the crimes at all.

Leave us your thoughts and comments below.

Read Full Post »

Bad News Continues as Q2 Click Fraud Rates are Released

Posted in Click Fraud, tagged , , , , , on July 8, 2010 | Leave a Comment »

Even we admit that we’re starting to sound like a broken record here at Junkie when the topic of click fraud comes up.  But don’t blame us for being repetitive!  Even though we’re always thinking positive thoughts and hoping for the best, click fraud data continues to disappoint every three months or so.

The second quarter of 2010 isn’t any different.  In fact, it’s now to the point where the leading click fraud trends are consistently heading in the WRONG direction when analyzed in the big picture, offering no relief in sight for beleaguered web advertisers and marketers.

Anchor Intelligence, our most-trusted source for comprehensive data on click fraud, reports that second quarter fraud actually moderately decreased, down to 28.9 percent from 29.2 percent in the first three months of 2010.

We’d suggest a celebration for this 0.3 percent reduction, except for one glaring problem:  the Q2 rate actually represents a 26 percent increase in fraud compared to the same quarter just a year ago.

What’s happened in 12 short months that makes this possible?  As usual, Anchor cites the “dramatic” growth of botnets in both scale and volume around the globe as the main culprits.  The “exploitation by malicious hosts” of security vulnerabilities in the Internet infrastructure of many countries is also to blame.

Vietnam (37.3 percent), Australia (36.4 percent) and the U.S. (34 percent) continue to lead the rankings around the world for the highest attempted click fraud rates.  But India isn’t far off, after recording a dramatic jump in click fraud from 21.8 percent in Q1 to 31.7 percent in the second quarter.

“Click fraud attempts are not going to go away any time soon.  Cybercriminals will simply reallocate their attempts from well protected ad networks and search engines to those that do not have a fortified line of defense,” says Ken Miller, CEO of Anchor Intelligence.  “Fraudsters are efficient.  Once they stop receiving payments from one set of targets, they’ll simply find another set that is likely to pay out.”

Talk about doom and gloom! Is there anything good to take away from Anchor’s quarterly report?

Anchor did report that search engines and advertising networks that process more than 1 million daily ad clicks were experiencing some decreases in click fraud in the second quarter, attributed mostly to their partnerships with networks that have amped up click fraud defenses and/or don’t bill for fraudulent clicks.  Firm numbers on those decreases aren’t available, however.

We’ve been reporting that same rough news about click fraud every quarter for quite awhile now. So it’s time for you, our readers, to have a say.   Give us your ideas and thoughts on how to turn this click fraud mess around.  What drastic strategic steps do you think need to be implemented? Or is it just a lost cause?  Leave a comment and let’s get an open discussion going here!

Read Full Post »

Microsoft Goes to Court Again over Click Fraud

Posted in Click Fraud, Ecommerce, tagged , , , , , , on May 20, 2010 | Leave a Comment »

Give the folks at Microsoft (MSFT) credit. When they say they’re serious about cracking down on click fraud, they really mean it.

Just a few months after taking legal action against a number of hackers and click-fraud perpetrators, the software giant has filed two more lawsuits against parties it claims are now engaged in a whole new form of click fraud that Microsoft has uncovered.

One suit filed in the U.S. District Court for the Western District of Washington charges RedOrbit.com president Eric Ralls and ten others with engaging in click laundering, a term Microsoft has created to describe a new method of boosting the number of ad clicks on a web site. RedOrbit, which at one time was an approved site on Microsoft’s AdCenter network, is accused in the suit of using botnets and “parked sites” to dramatically increase the number of clicks on ads on the RedOrbit site.  Unlike conventional click fraud methods, however, RedOrbit directed click traffic to its own servers, where it could replace traffic reference information with a code to make it appear as though the traffic came directly to the approved RedOrbit page.

“What was at one point thought to be highly or almost impossible to do, we have uncovered it is technically possible to do,” said Richard Boscovich, an attorney in Microsoft’s digital crimes unit. “This is the first time we’ve seen this occur.”

The term “parked sites” refer to web pages with little or no value that generally are composed only of long lists of links.

Microsoft claims it discovered the new phase of click fraud in early 2009 after noticing that hits from RedOrbit.com jumped astronomically—from an average of 75 per day to nearly 10,000. Microsoft appears pretty confident that RedOrbit perpetrated the fraud, since it was the one and only company that stood to profit from the activity the resulted in such a massive increase in clicks.

The second lawsuit covers another case of potential click laundering on sites affiliated with HelloMetro.   Twenty unnamed individuals are cited in the suit and Microsoft hopes to reveal the identities of those involved during the discovery process.  The twin suits could be just the beginning of an aggressive legal strategy by Microsoft to shut down those they believe are guilty of click laundering.

“We believe that although these are the only two cases we’ve identified, based on our traffic quality team, they think it’s a much bigger problem,” said Boscovich, who also noted that the company has already implemented countermeasures to stop any more attempts at click laundering.  What those steps are, however, remain a secret to the general public.  Microsoft’s willingness to pursue legal action against fraudsters should also serve as a deterrent to others who are pursuing fraudulent action on pay-per-click advertising models.

Nevertheless, there is a consensus building among many in the industry that advertising platform operators like Microsoft and Google (GOOG) will need to begin working in tandem to combat click fraud in all forms.  Fraudulent activity continues to grow, causing an increasing mistrust on the part of advertisers in the pay per click model, which would certainly affect the bottom lines of web advertising leaders.

We’ll keep close tabs on these and other click fraud lawsuits. As always, feel free to leave us your thoughts in the comment section below!

Read Full Post »

Another Quarter, Another Jump in Click Fraud

Posted in Click Fraud, tagged , , , , , , on April 9, 2010 | 2 Comments »

Anchor Intelligence has released its report on Q1 2010 traffic quality and as expected, click fraud has increased yet again across the web.

Anchor is reporting a fraud rate of 29.2 percent for the first three months of this year, building on the 25.7 percent click fraud rate over the final quarter of 2009, and representing an almost 14 percent increase.  That’s also a 34 percent increase in click fraud from the first quarter of 2009.

According to the report, the continued rise in click fraud is largely due to the dramatic growth of botnets in both scale and volume around the world and we’re inclined to agree.  Click fraud rates have been rising steadily for as long as Ecommerce Junkie has been writing about it and it’s no coincidencethat botnets have become an increasingly larger menace over that time period as well.

The report from Anchor also includes data on traffic quality rates by country, with Vietnam (35.4 percent), Australia (35.2 percent) and the U.S. (35 percent) rounding out the top three for highest rates of click fraud among 30 countries across the globe.  Again, botnets and click-fraud rings are likely the biggest cause of fraudulent traffic in these countries.  The United Kingdom has been hit especially hard by botnet activity over the last six months, with click fraud rates rising to 32 percent there this quarter after only 18 percent in Q4 2009.

“As Internet usage has grown in countries lacking appropriate cybersecurity measures, more and more computers have become infected with malware and used as click fraud zombies,” said Ken Miller, CEO of Anchor Intelligence.  “Through this report, we hope to convey the importance of advertising with ad networks and search engines that partner with third-parties such as Anchor to certify their traffic quality.”

Admittedly, it has been a rough few months for cyber security overall, which probably also explains the continued rise in fraud.  There have been recent reports from McAfee and Google on a rise in cyber attacks against blogs in Vietnam that were critical of certain mining efforts.  And of course, we had more than thirty companies (including Google) who were victims of cyber security breaches originating out of China back in December and January.

Despite the fact that the U.S. economy is beginning to rebound, businesses continue to tread cautiously when it comes to their online advertising operations and click fraud is a big reason why.  We’ve heard instances of advertisers being charged extra for multiple clicks from the same web user in certain cases, which is just one example of how damaging and unfair the wrong kind of advertising activity can be to retailers and other web marketers.  As always, we strongly recommend that you do your research before embarking on an online advertising campaign.  Once you have a campaign going, we also suggest parsing the clicks and data from your traffic server logs yourself instead of relying on the third parties you’re advertising with who may offer tracking software or tools as part of their packages.

We’ll keep tabs on click fraud data and cyber security news as it arises.  Leave us your thoughts and comments below.

Read Full Post »

Operation b49: Microsoft Takes on Botnets In Court

Posted in Click Fraud, tagged , , , , , , , on February 27, 2010 | 2 Comments »

If the issue of click fraud is a battlefield with advertisers and tech leaders on one side facing off against cyber criminals on the other, then it could easily be said that Microsoft has fired a very big shot for the good guys.

The software king opened a legal assault earlier this week against several networks of compromised computers being run by hackers, and a federal judge in Virginia agreed to the company’s request to deactivate 277 infringing domain names.

Microsoft’s suit, which was filed on Monday, specifically targets a botnet known as Waledec, as well as 27 “John Doe” defendants.  The company maintains this pool of cybercrooks broke federal laws with a scheme to create bot-herders.  Bot-herding is a process by which hackers use automated scans to look for vulnerable computers across several networks, which then become one of many zombie machines when infected by the  hacker.  Spam, click fraud, denials of service and malicious software can all be spread through the use of bot-herding, which gives the hacker complete control over an infected computer.

In the suit, Microsoft’s attorneys asked U.S. District Judge Leonie Brinkema to issue a restraining order to allow the company to cut communication channels to the botnet in stealth before its perpetrators had a chance to re-establish their links to its network.

Waledac is believed to be one of the 10 largest botnets in the U.S., with the ability to send approximately 1.5 billion spam email messages per day, while stealing sensitive information and establishing backdoor remote access on any machine it infects.  Online security experts estimate the botnet has infected hundreds of thousands of computers around the world.  Microsoft itself has analysis that shows more than 650 million spam emails attributed to Waledac were directed to Hotmail accounts between December 3-21 of 2009 alone.  Clearly, there was a need to act and Microsoft did just that.

“The takedown of the Waledac botnet that Microsoft executed this week — known internally as Operation b49 — was the result of months of investigation and the innovative application of a tried-and-true legal strategy,” said Tim Cranton, Microsoft Associate General Counsel.

Cranton went on to say that Operation b49 had effectively shut down connections with the vast majority of Waledac-infected machines within three days of implementation and that Microsoft was shooting to make the disruption permanent.  He did caution however that the effort would not thoroughly cleanse infected computers, which would still be hosting the original malware.

Industry experts have long agreed that online fraudsters will not be curbed merely by fighting them on a technology level.  As such, in opening a new front against cyber-crime, Microsoft is being lauded for finding a legal principle with which to challenge the bot-herders on this matter, which may open new opportunities in the future for others to more aggressively fight back against cyber crime.

Read Full Post »

Final 2009 Click Fraud Data Released

Posted in Click Fraud, Merchant Tips, tagged , , , , , , on January 19, 2010 | Leave a Comment »

Anchor Intelligence unveiled new data on click fraud rates for the fourth quarter of last year in conjunction with an overall report on click fraud throughout 2009, and the picture remains an ugly one.

Anchor, the California-based traffic quality provider that Ecommerce Junkie regards as the most reliable industry source of click fraud information, states in its 2009 Year in Review that click fraud rates jumped by nearly 40% between the third (18.6 percent) and fourth (25.7 percent) quarters last year—meaning that by the end of 2009, one out of every four ad clicks across the web constituted some attempt at click fraud.  That’s a percentage that should make all online advertisers very nervous.

Now, to be fair, some increase in Q4 rates probably should’ve been expected.  After all, it’s a time period that includes Cyber Monday and the holiday shopping season at large, when more ads are being bought and placed, and millions are using the web for holiday shopping.

But with that increase in ads and traffic came an even more expansive effort from fraudsters. Botnets, the automated ring leaders of click fraud activity, continue to grow in number, are increasingly hard to track, and are getting even more devious.  Anchor noted that newer advertisers, for example, saw an even higher rate of fraud towards the end of the year as these botnets and click fraud farms expanded to every corner of web advertising.

The report also noted that the U.S. and Canada continue to be the largest sources of attempted click fraud by volume, while warning that 2010 could be even worse as cyber criminals look to exploit the growth and popularity of social networks like Facebook and Twitter.

“As botnets become more flexible and resilient, click fraud will be increasingly difficult to identify without a collaborative and systematic, network-based approach,” said Ken Miller, Anchor’s CEO.  “By releasing this report, we hope to provide a barometer by which the industry can assess the level of threats to online advertising while also conveying the importance of advertising with ad networks and search engines that partner with third-parties to certify their traffic quality.”

As we said, a 25-plus percent rate of click fraud, as well as Anchor’s warning that things may not improve anytime soon,  should concern any web advertiser.  Many industry insiders privately say that click fraud will never completely be abolished and suggest that perhaps, budgetingfor losses because of click fraud will become standard practice.  While we’re not willing to give in quite that easily, it’s obvious that click fraud perpetrators are adapting and evolving faster than wecan counter.

That means that ultimately, the burden for dealing with click fraud is on you, the advertiser.  We’ve said time and again that it’s vital to educate yourself how click fraud works and keep constant tabs on your click logs to learn the signs consistent with botnet activity.  Doing so will put you in a better position to spot instances of fraud, and thus help you better determine which web advertising optionsare the safest.

As Anchor Intelligence’s report proves yet again, click fraud is not going anywhere anytime soon. Are you prepared to deal with it here in 2010 and beyond?  Feel free to leave us questions or tips in the comment section below.

Read Full Post »

Merchant Tip: New Click Fraud Threat Emerges

Posted in Merchant Tips, tagged , , , , , , , , on January 14, 2010 | 1 Comment »

You may have noticed that some news outlets this week have been covering a story on a new, and particularly devious, model of click fraud that has been discovered by a Harvard Business School professor named Ben Edelman.  (Find the Forbes.com article here).  As regular readers of Junkie well know, click fraud is a major source of interest to us, as it should be to anyone involved in e-commerce.  And as far as click fraud schemes go, this one is a doozy so it certainly necessitates some attention from us.

So what makes this version of click fraud so dangerous?  The scheme not only simulates valid Google ad clicks, it also simulates a real customer and an actual sale on that advertiser’s site, a combination that many industry experts once thought was unimaginable

How does it work?  According to Edelman, the perpetrators of the fraud, believed to be a site called TrafficSolar.com, make deals to host Google PPC ads through an extensive network of Google affiliate partners.  Each of those partners place their ads on other sites in exchange for a slice of the revenue. TrafficSolar then infects web users’ computers with spyware by exploiting a security loophole in Windows XP or Internet Explorer when that user visits a site that they have compromised.

If someone with an infected machine visits one of any number of popular shopping sites, the spyware on their machine produces up a large pop-up window that covers the entire browser and obscures the legitimate shopping portal.  The pop-up is created by TrafficSolar simulating a click on one of those ads in its network of Google partners, an ad for the exact site the user intended to visit in the first place.  Unsuspecting shoppers complete a transaction on that pop-up window thinking they’re on the correct site.  The result is TrafficSolar and its ad partners get a share of the PPC fee paid by the original advertiser while the shopping site logs the visit and transaction as legitimate, with no clear reason to suspect otherwise.  Later on, because these transactions appear to be legitimate evidence of traffic conversion, an advertiser may be inclined to raise their bids in Google’s ad auction system.

Ok, we know that this is dizzyingly complicated so don’t feel bad if it’s making your head spin.  It certainly had a similar effect on us.  But while knowing every nitty gritty detail of this scheme isn’t particularly necessary, what IS important is that you’re aware this threat exists and that it is operating through an ad network (Google) that many of you probably already use.

So what can you do? As we always recommend, educating yourself on the issue of click fraud is vitally important.  Acknowledge that, as an online advertiser, you are in the crosshairs of people who are constantly using new and stealthy ways to carry out their click fraud schemes.  And if you’re using Google as an advertising network, pay very close attention to your conversion rates and data.  Look for discrepancies and when you find them, notify your Google representative immediately.

For retailers and e-commerce entities in particular, we strongly recommend that you utilize sites that do not use CPC or PPC pricing models at all.   Sortprice.com is one such price comparison site that employs a monthly fee pricing structure instead.  You get unlimited clicks for all of your products and no possibility of click fraud.

We’ll continue to track this story for you as new details emerge.   But we want to hear from you on this issue.  If you have questions about this or any other version of click-fraud, post it below and we promise we’ll get you as comprehensive a reply as possible.

Read Full Post »

Click Fraud Data Discrepancies

Posted in Click Fraud, tagged , , on July 27, 2009 | 2 Comments »

Those who read Ecommerce Junkie regularly know our position on the issue of click fraud. It’s not just a pesky nuisance. It’s a major problem and a tangible threat to the bottom line for anyone involved in online advertising and marketing. And to this day, despite calls for change from many in the industry, it continues to wreck havoc without much resistance.

Now, as if click fraud itself wasn’t a big enough problem, we’ve come across competing data on click fraud rates from two separate “watchdogs”, which leaves us wondering who is really paying attention to the issue and who could be sugar-coating data to make things seem better or worse than they are.

Click Forensics, whose click fraud reporting has been referenced here before, recently unveiled their data on Q2 2009 click fraud rates that indicate a decrease in instances of click fraud—down to 12.7 percent from 13.8 percent earlier this year. Meanwhile, Anchor Intelligence released some of their own data which puts the rate of click fraud so far this year at 22.9 percent in Q2 and 21.7 percent in Q1.

We’d probably be willing to look the other way if the margin of difference in data was a point or two. But when we’re talking about variations of 8 to 10 points, then it becomes clear that something is truly off here.

Click Forensics’ click fraud reporting looks very skeptical especially given the close relationships they have with certain industry giants who, despite their public statements to the contrary, actually benefit from click fraud. It’s tough to buy the 12.7 percent rate issued by Click Forensics when, in the big picture, their data also shows an overall decrease in click fraud over the past 12-18 months (their data for Q2 2008 had click fraud at 16.2 percent, for example).

Simply put, not enough has been done preventatively in the past year to justify a nearly 4 percent decrease in overall click fraud. We’re more likely to subscribe to the data put forth by Anchor Intelligence, a group that works with companies to actually fight click fraud. Their research on the issue also seems to be a bit more comprehensive and in-depth, as they looked at click fraud rates not only in the U.S. but around the globe as well. And frankly, after talking to one e-commerce leader, a click fraud rate in the low 20s seems much more realistic than the numbers Click Forensics is putting out there.

If you’re an online retailer, advertiser or marketer, it is in your best interest to pay close attention to data like this when it is released. However, after tackling the competing information put out by Click Forensics and Anchor Intelligence, we strongly advise that you rely on the latter more than the former. Either way, it’s highly advisable that you diversify your online advertising as much as possible to avoid cost-per-click programs that can be wrought with click fraud. In addition, carefully monitor traffic and analyze click logs on a regular basis to spot the fraud and trends normally employed by botnets.

Got questions or comments on click fraud? Leave them below.

Read Full Post »

Opinion: Stemming the Click-Fraud Tide; Ramifications for Economic Growth

Posted in Click Fraud, tagged , , , , on March 1, 2009 | Leave a Comment »

While bailouts and stimulus plans have largely dominated the economic headlines in early 2009, another recently released batch of quarterly click fraud data underscores what many of us in the industry have been saying for quite awhile–the severity of the threat click fraud poses to online advertisers and by extension, broader economic recovery, is growing by the day.

The picture painted by the Click Fraud Index, the industry’s barometer of click fraud activity compiled by Click Forensics, is not a pretty one. The overall industry average click fraud rate for Q4 2008 was up to a record-high 17.1 percent, while fraud on the CPC advertisements utilized by many small-budget internet advertisers on content sites like Google and Yahoo increased again as well. Perhaps most alarming, click fraud from ‘botnets’ swelled for an eighth straight quarter and now account for more than 30 percent of overall click fraud, another record high for the CFI’s monitoring.

In the aftermath of the CFI report, a debate has emerged over the legitimacy of the CFI’s data. The discussion, fueled largely by Google itself, focuses on what exactly constitutes a fraudulent click. Though the CFI stands by its numbers and the methods it uses to collect them, there are some who openly question if the data includes clicks that Google and others already account for as fraudulent, thus inaccurately inflating the overall click fraud rate.

Now, while this may be pertinent to the click fraud issue on the whole, unfortunately, it distracts us from the bigger picture. We are losing the battle against click-fraud at a most inopportune time and the economic expansion we seek as a nation will be that much harder to realize without a broad, concerted effort to fight back.

Whatever the numbers may ultimately be, click fraud has evolved into much more than just a pesky nuisance. Simply put, it equates to millions of dollars in lost revenue for advertisers and marketers at a time when many of them are scrambling to simply survive. Many of those are small and mid-sized businesses, whose success is crucial to job creation and strong economic performance. But as click fraud continues to expand, those that are relying on internet advertising to grow are finding their bottom lines severely diminished as a result.

As the data indicates, the botnets are faster and smarter than ever, hitting from different IP addresses at varying times and evading the filters designed to stop them. Link farms, groups of people hired exclusively to conduct fraudulent clicking, are also back in full force. As a result, online advertisers are going to be forced to allocate even more budgetary dollars towards combating the problem this year. And it doesn’t take a seasoned economist to understand the domino effect such actions will have on consumers and spending.

Absent any outside or government intervention, the onus for combating click fraud still lies with the advertisers themselves. A diligent and concentrated approach is crucial—one that carefully monitors traffic and analyzes click logs on a regular basis to spot the practices and trends normally employed by botnets. Advertisers must maintain strong relationships with their network providers as well, keeping them abreast of possible fraud with periodic reports and requests for investigations into suspicious activity. Finally, some may benefit from diversifying their advertising budgets with the incorporation of CPA (cost per acquisition) and ‘monthly flat rate’ models that can be just as effective while offering less risk.

Though these steps will likely result in higher short-terms costs and a greater time commitment, the continued high rate of click fraud leaves no real alternatives—our economic future, and the viability of our status as world leaders in technology and innovation depends on strong and swift action.

Read Full Post »

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: